• United States



by Adam Bender

Too much business influence on ID verification plan?

Dec 11, 20123 mins
CIOData and Information SecurityIdentity Management Solutions

A proposed National Trusted Identities Framework (NTIF) appears to provide few benefits and “a number of risks” for consumers, according to the Australian Communications Consumer Action Network (ACCAN).

Under the proposed NTIF, the government and private sector could share consumer identity information with the goal of faster identity verification.

However, in a submission today to the Department of Prime Minister and Cabinet, ACCAN said “no clear case” has been “made from a consumer perspective that the NTIF is needed.”

ACCAN complained that consumer interest have not been well represented in consultations to develop the NTIF. Businesses have had large influence on consultations and ACCAN fears that NTIF “is simply a tool for business and governments to better identify individuals,” the consumer group wrote in its submission.

“Much more detail about the NTIF is needed for consumers and civil society representatives to be able to engage with the development process, and this detail should be made public and provided in a timely and transparent manner if there is to be any confidence in the process from civil society and consumers,” ACCAN said.

ACCAN said the influence of businesses has led to too much focus on extending the document verification service to private sector companies. The DVS is an online service used by the government for identity verification.

“The claimed benefits of the NTIF extend beyond private sector interests, yet the DVS extension would primarily benefit businesses,” ACCAN said. “If the DVS extension is to serve as the next stage in the development of the NTIF it will likely undermine consumer confidence in later stages of the NTIF.”

ACCAN outlined several priority areas for the final NTIF.

The NTIF “must recognise that online identity is multi-faceted, and continue to allow individuals to maintain multiple identities,” ACCAN said. Someone might need to maintain multiple online identities if, for example, a person is dealing with one organisation in two ways, as an individual and as a company representative.

The framework should recognise that disclosure of identity is not always needed, ACCAN said. “If, for example, it is sufficient for some purpose to verify that an individual is over 18, there should be no disclosure of the individual’s date of birth, but rather a simple acknowledgement that the individual is over 18.”

Individuals should be able to contest incorrect data about themselves through a simple mechanism, ACCAN added.

Separately, ACCAN has proposed stronger privacy protections for consumers in the case of data breaches. In a submission earlier this month, the consumer group urged a law requiring companies to notify customers about breaches soon after they occur.

Parliament passed several amendments to privacy law last month, including greater enforcement powers for the Australian privacy commissioner.

Follow Adam Bender on Twitter: @WatchAdam

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia